This is one of the key reasons that a registration failure should not cause a registered
device to become de-registered. If a device fails registration, an error response
should be returned to the device, but the existing registration remains intact
until it reaches its end of life or the device sends a legitimate re-registration. This
prevents network congestion from attacks that use the registration process.
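The rule above, sketched as a registrar binding table. This is an added example, not code from the book or from any SIP product. The Registrar class, the shared-secret check that stands in for the real authentication exchange, the 403 status used as the error response, and all identities and addresses are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass

@dataclass
class Binding:
    contact: str        # where the device is currently reachable
    expires_at: float   # end of life of this registration

class Registrar:
    """Hypothetical binding table; not a real SIP stack."""

    def __init__(self, secrets):
        self.secrets = secrets   # identity -> shared secret (constructed sample data)
        self.bindings = {}       # identity -> Binding

    def _purge(self, now):
        # Drop only registrations that have reached their end of life.
        for ident in [i for i, b in self.bindings.items() if b.expires_at <= now]:
            del self.bindings[ident]

    def register(self, identity, contact, secret, expires, now):
        self._purge(now)
        known = self.secrets.get(identity, "")
        ok = bool(known) and hmac.compare_digest(known.encode(), secret.encode())
        if not ok:
            # Failure path: error response only. The binding table is not touched,
            # so a failed REGISTER never de-registers the device.
            return 403
        # Legitimate re-registration: replace the binding and restart its lifetime.
        self.bindings[identity] = Binding(contact, now + expires)
        return 200

    def lookup(self, identity, now):
        self._purge(now)
        binding = self.bindings.get(identity)
        return binding.contact if binding else None

if __name__ == "__main__":
    alice = "sip:alice@example.test"   # constructed identity
    reg = Registrar({alice: "s3cret"})
    print(reg.register(alice, "10.0.0.5:5080", "s3cret", 600, now=0))
    print(reg.register(alice, "203.0.113.9:5060", "wrong", 600, now=10))
    print(reg.lookup(alice, now=10))
```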
Integrity
Integrity ensures that what was sent is the same as what is received. This is considered
an aspect of security because a man-in-the-middle attack, for instance, could intercept
a SIP message and alter its contents (redirecting responses back to the perpetrator, for
example).
Message body tampering is an example of where integrity is needed. By preventing
this from occurring, an operator can be assured that masquerading will be made more
difficult. To protect the integrity of a message, communication with the user device is
conducted through secure ports. These ports are assigned after a user device successfully
completes registration.
The P-CSCF assigns a secure port (other than 5060/5061) and uses this port for all
communications with the device until it registers a new location. By using the secure
port, all entities within the home network can be assured that the message is being
exchanged between two known and trusted entities, and that the device has already
been authenticated.